U-Prove

Overview

U-Prove components are released in the Security and Cryptography Incubations Quarterly Technology Drop.

A U-Prove token is a new type of credential similar to a PKI certificate that can encode attributes of any type, but with two important differences:

1) The issuance and presentation of a token are unlinkable due to the special type of public key and signature encoded in the token; the cryptographic “wrapping” of the attributes contains no correlation handles. This prevents unwanted tracking of users when they use their U-Prove tokens, even by colluding insiders.

2) Users can minimally disclose information about what attributes are encoded in a token in response to dynamic verifier policies. As an example, a user may choose to only disclose a subset of the encoded attributes, prove that her undisclosed name does not appear on a blacklist, or prove that she is of age without disclosing her actual birthdate.

These user-centric aspects make the U-Prove technology ideally suited to creating the digital equivalent of paper-based credentials and the plastic ID cards in one’s wallet.

Microsoft has made available the foundational features of the technology by releasing the core U-Prove specifications under the Open Specification Promise.

Revision 2 of the specification and the C# SDK have been released. This release features an optimized token issuance protocol and the ability to present scope-exclusive pseudonyms and to generate cryptographic commitments from attribute values. (April 2013)